Certified Information Systems Auditor (CISA) — Question 548

In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?

Answer options

• A. Reporting
• B. Attacks
• C. Discovery
• D. Planning

Correct answer: C

Explanation

The correct answer is C, as the Discovery phase focuses on gathering information about the target, including host detection and DNS interrogation. The Reporting phase involves documenting findings, the Attacks phase is about exploiting vulnerabilities, and the Planning phase is for strategizing the test approach.